package exploits

import (
	"net"
	"net/http"
	"prismx_cli/core/models"
	"prismx_cli/utils/netUtils"
	"strconv"
	"strings"
	"time"
)

// init 注册插件插件
func init() {

	pathList := []string{
		"/swagger-ui/swagger-ui-bundle.js",

		"/api/swagger-ui/swagger-ui-bundle.js",
		"/api/v1/swagger-ui/swagger-ui-bundle.js",
		"/api/v2/swagger-ui/swagger-ui-bundle.js",

		"/prod-api/swagger-ui/swagger-ui-bundle.js",
		"/prod-api/v1/swagger-ui/swagger-ui-bundle.js",
		"/prod-api/v2/swagger-ui/swagger-ui-bundle.js",
	}

	models.Register(models.AppVulInfo{
		App:   "swagger ui",
		Query: "protocol:\"http\"",
		Meta: models.VulMeta{
			Name:        "Swagger UI document leaked",
			Tags:        []string{"information_leakage"},
			Author:      "一曲成殇",
			Description: "Swagger是一种用于描述API的开源框架，它使用OpenAPI规范来定义API的端点、请求、响应、模式等。Swagger接口泄露漏洞是指在使用Swagger描述API时，由于未正确配置访问控制或未实施安全措施，导致API接口被不授权的人员访问和利用，从而导致系统安全风险。",
			Homepage:    "https://swagger.io/",
			Level:       3,
			References:  "",
			Solution:    "设置",
			CreateAt:    "2021-10-04",
			Available:   false,
			Steps: models.StepsMeta{
				VerifySteps: models.VerifySteps{
					VerifyGo: func(scheme, ip string, port int, duration time.Duration) (result models.VulResult) {
						url := scheme + "://" + net.JoinHostPort(ip, strconv.Itoa(port))
						for _, path := range pathList {
							request, err := http.NewRequest("GET", url+path, nil)
							if err != nil {
								result.Response = err.Error()
								continue
							}
							sendHttp, err := netUtils.SendHttp(request, duration, false)
							if err != nil {
								result.Response = err.Error()
								continue
							}
							if sendHttp.Other.StatusCode == http.StatusOK && strings.Contains(string(sendHttp.Body), "For license information please see swagger-ui-bundle.js.LICENSE.txt") {
								result.Response = sendHttp.Header + string(sendHttp.Body)
								result.Request = sendHttp.RequestRaw
								result.State = true
								return
							}
						}
						result.Response = "The target does not have a tomcat backend management page"
						return
					},
				},
			},
		},
	})
}
